{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T20:18:07.785","vulnerabilities":[{"cve":{"id":"CVE-2021-22880","sourceIdentifier":"support@hackerone.com","published":"2021-02-11T18:15:17.333","lastModified":"2024-11-21T05:50:49.607","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input."},{"lang":"es","value":"El adaptador PostgreSQL en Active Record versiones anteriores a 6.1.2.1, 6.0.3.5, 5.2.4.5, sufre una vulnerabilidad de denegación de servicio de expresión regular (REDoS). Una entrada cuidadosamente diseñada puede causar que la comprobación de la entrada en el tipo \"money\" del adaptador de PostgreSQL en Active Record pase demasiado tiempo en una expresión regular, resultando en la posibilidad de un ataque DoS. Esto solo afecta a las aplicaciones Rails que usan PostgreSQL junto con las columnas de tipo money que toman la entrada del usuario"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"5.2.4.5","matchCriteriaId":"3AAA9CFA-AD3B-4CE9-922F-D056914CB0EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.3.5","matchCriteriaId":"817BE0F5-136C-460E-816D-74B3F6663BA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.2.1","matchCriteriaId":"98CE6993-089E-454B-8156-011E03FC3C94"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","matchCriteriaId":"36D96259-24BD-44E2-96D9-78CE1D41F956"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","matchCriteriaId":"E460AA51-FCDA-46B9-AE97-E6676AA5E194"}]}]}],"references":[{"url":"https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129","source":"support@hackerone.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://hackerone.com/reports/1023899","source":"support@hackerone.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/","source":"support@hackerone.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/","source":"support@hackerone.com"},{"url":"https://security.netapp.com/advisory/ntap-20210805-0009/","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-4929","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://hackerone.com/reports/1023899","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20210805-0009/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-4929","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}